Total
317652 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-11637 | 1 Br-automation | 1 Automation Runtime | 2024-11-21 | 5.0 MEDIUM | 5.8 MEDIUM |
| A memory leak in the TFTP service in B&R Automation Runtime versions <N4.26, <N4.34, <F4.45, <E4.53, <D4.63, <A4.73 and prior could allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition. | |||||
| CVE-2020-11635 | 1 Zscaler | 1 Client Connector | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| The Zscaler Client Connector prior to 3.1.0 did not sufficiently validate RPC clients, which allows a local adversary to execute code with system privileges or perform limited actions for which they did not have privileges. | |||||
| CVE-2020-11634 | 1 Zscaler | 1 Client Connector | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
| The Zscaler Client Connector for Windows prior to 2.1.2.105 had a DLL hijacking vulnerability caused due to the configuration of OpenSSL. A local adversary may be able to execute arbitrary code in the SYSTEM context. | |||||
| CVE-2020-11633 | 1 Zscaler | 1 Client Connector | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| The Zscaler Client Connector for Windows prior to 2.1.2.74 had a stack based buffer overflow when connecting to misconfigured TLS servers. An adversary would potentially have been able to execute arbitrary code with system privileges. | |||||
| CVE-2020-11632 | 1 Zscaler | 1 Client Connector | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| The Zscaler Client Connector prior to 2.1.2.150 did not quote the search path for services, which allows a local adversary to execute code with system privileges. | |||||
| CVE-2020-11631 | 1 Primekey | 1 Ejbca | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. An error state can be generated in the CA UI by a malicious user. This, in turn, allows exploitation of other bugs. This follow-on exploitation can lead to privilege escalation and remote code execution. (This is exploitable only when at least one accessible port lacks a requirement for client certificate authentication. These ports are 8442 or 8080 in a standard installation.) | |||||
| CVE-2020-11630 | 1 Primekey | 1 Ejbca | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. In several sections of code, the verification of serialized objects sent between nodes (connected via the Peers protocol) allows insecure objects to be deserialized. | |||||
| CVE-2020-11629 | 1 Primekey | 1 Ejbca | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. The External Command Certificate Validator, which allows administrators to upload external linters to validate certificates, is supposed to save uploaded test certificates to the server. An attacker who has gained access to the CA UI could exploit this to upload malicious scripts to the server. (Risks associated with this issue alone are negligible unless a malicious user already has gained access to the CA UI through other means, as a trusted user is already trusted to upload scripts by virtue of having access to the validator.) | |||||
| CVE-2020-11628 | 1 Primekey | 1 Ejbca | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. It is intended to support restriction of available remote protocols (CMP, ACME, REST, etc.) through the system configuration. These restrictions can be bypassed by modifying the URI string from a client. (EJBCA's internal access control restrictions are still in place, and each respective protocol must be configured to allow for enrollment.) | |||||
| CVE-2020-11627 | 1 Primekey | 1 Ejbca | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. A Cross Site Request Forgery (CSRF) issue has been found in the CA UI. | |||||
| CVE-2020-11626 | 1 Primekey | 1 Ejbca | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. Two Cross Side Scripting (XSS) vulnerabilities have been found in the Public Web and the Certificate/CRL download servlets. | |||||
| CVE-2020-11625 | 1 Avertx | 4 Hd438, Hd438 Firmware, Hd838 and 1 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Outdoor IP Dome Camera HD838 and Night Vision HD Indoor/Outdoor Mini IP Bullet Camera HD438. Failed web UI login attempts elicit different responses depending on whether a user account exists. Because the responses indicate whether a submitted username is valid or not, they make it easier to identify legitimate usernames. If a login request is sent to ISAPI/Security/sessionLogin/capabilities using a username that exists, it will return the value of the salt given to that username, even if the password is incorrect. However, if a login request is sent using a username that is not present in the database, it will return an empty salt value. This allows attackers to enumerate legitimate usernames, facilitating brute-force attacks. NOTE: this is different from CVE-2020-7057. | |||||
| CVE-2020-11624 | 1 Avertx | 4 Hd438, Hd438 Firmware, Hd838 and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Outdoor IP Dome Camera HD838 and Night Vision HD Indoor/Outdoor Mini IP Bullet Camera HD438. They do not require users to change the default password for the admin account. They only show a pop-up window suggesting a change but there's no enforcement. An administrator can click Cancel and proceed to use the device without changing the password. Additionally, they disclose the default username within the login.js script. Since many attacks for IoT devices, including malware and exploits, are based on the usage of default credentials, it makes these cameras an easy target for malicious actors. | |||||
| CVE-2020-11623 | 1 Avertx | 4 Hd438, Hd438 Firmware, Hd838 and 1 more | 2024-11-21 | 7.2 HIGH | 6.8 MEDIUM |
| An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Outdoor IP Dome Camera HD838 and Night Vision HD Indoor/Outdoor Mini IP Bullet Camera HD438. An attacker with physical access to the UART interface could access additional diagnostic and configuration functionalities as well as the camera's bootloader. Successful exploitation could compromise confidentiality, integrity, and availability of the affected system. It could even render the device inoperable. | |||||
| CVE-2020-11622 | 1 Arista | 2 Cloudeos, Veos | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
| A vulnerability exists in Arista’s Cloud EOS VM / vEOS 4.23.2M and below releases in the 4.23.x train, 4.22.4M and below releases in the 4.22.x train, 4.21.3M to 4.21.9M releases in the 4.21.x train, 4.21.3FX-7368.*, 4.21.4-FCRFX.*, 4.21.4.1, 4.21.7.1, 4.22.2.0.1, 4.22.2.2.1, 4.22.3.1, and 4.23.2.1 Router code in a scenario where TCP MSS options are configured. | |||||
| CVE-2020-11620 | 4 Debian, Fasterxml, Netapp and 1 more | 18 Debian Linux, Jackson-databind, Active Iq Unified Manager and 15 more | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly). | |||||
| CVE-2020-11619 | 4 Debian, Fasterxml, Netapp and 1 more | 21 Debian Linux, Jackson-databind, Active Iq Unified Manager and 18 more | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop). | |||||
| CVE-2020-11618 | 2 Philips, Thomsonstb | 4 Dtr3502bfta Dvb-t2, Dtr3502bfta Dvb-t2 Firmware, Tht741fta and 1 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top boxes have their TELNET service hardcoded to start on boot, which allows an attacker on the local network to achieve root access via the TELNET protocol. | |||||
| CVE-2020-11617 | 2 Philips, Thomsonstb | 4 Dtr3502bfta Dvb-t2, Dtr3502bfta Dvb-t2 Firmware, Tht741fta and 1 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| The RSS application on THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top boxes doesn't validate the SSL certificates of RSS servers, which allows a man-in-the-middle attacker to modify the data delivered to the client. | |||||
| CVE-2020-11616 | 2 Intel, Nvidia | 2 Bmc Firmware, Dgx-1 | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which the Pseudo-Random Number Generator (PRNG) algorithm used in the JSOL package that implements the IPMI protocol is not cryptographically strong, which may lead to information disclosure. | |||||